3255 matches found
Apache Httpd < 2.4.10 : mod_deflate denial of service
A resource consumption flaw was found in mod_deflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...
Apache Httpd < 2.2.29 : mod_deflate denial of service
A resource consumption flaw was found in mod_deflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...
phpcms upload cause getshell detailed and case-vulnerability warning-the black bar safety net
0x01 What is an upload vulnerability? Many CMSs, in order to enrich their functionality, provide avatar upload, picture upload and similar features. But if the uploaded content is not properly filtered, this amounts to handing the attacker arbitrary code execution. For exampl...
GLSA-201311-20 : Okular: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201311-20 Okular: Arbitrary code execution Okular contains a heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp. Impact : A remote...
Okular: Arbitrary code execution
Background Okular is a universal document viewer based on KPDF for KDE 4. Description Okular contains a heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp. Impact A remote attacker could entice a user ...
DEBIAN-CVE-2013-4421
The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed...
ARRIS DG860A NVRAM Backup Compressor / Decompressor
! /usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text. box:arris-dev cosmo$ wget http://192.168.0.1/router.da...
Zlib decompression error: [-3] | Failed to decompress LZ4 block
Challenge A Backup Job or Restore fails with either of the following errors: Zlib decompression error: -3. or Failed to decompress LZ4 block: Cause When the software reads from an existing restore point it performs error detection using Cyclic Redundancy Checks (CRC) to validate the data. The err...
ClamAV multiple security vulnerabilities
Buffer overflow on UPX decompression, array overflow on PDF parsing...
Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication
Early 2012 ESET company a mysterious malware, dubbed the Avatar rootkit Win32/Rootkit.Avatar, advertised in the underground forums by Russian cyber crime. "We present you here previously announced product. In connection with work on other projects, we moved the release date for the public from Ma...
MiniWeb File Upload / Directory Traversal
Vulnerable Software: MiniWeb build 300, built on Feb 28 2013 Official Site: http://miniweb.sourceforge.net/ Vulns: Remote arbitrary file upload, Directory traversal. Tested Software/version: MiniWeb build...
Microsoft Windows Media Decompression Remote Code Execution Vulnerability (2780091)
This host is missing a critical security update according to Microsoft Bulletin MS13-011. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows Media Decompression Remote Code Execution (MS13-011; CVE-2013-0077)
A remote code execution vulnerability has been reported in Microsoft Windows...
MS13-011: Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
The remote Windows host is potentially affected by a vulnerability that could allow remote code execution if a user opens a specially crafted media file such as an .mpg file, opens a Microsoft Office document such as a .ppt file that contains a specially crafted embedded media file, or receives...
PHPCMS background business templates at upload SHELL-vulnerability warning-the black bar safety net
The background can directly put the PHP Trojan direct upload. The principle is very simple. Click on the module business template Management Add corporate template. Then add a ZIP compression package. ZIP archive inside a PHP Trojan, back we all understand. Decompression path in the Decompression...
IrfanView - '.TIF' Image Decompression Buffer Overflow
Application: IrfanView TIF Image Decompression Buffer Overflow Vulnerability Platform: Windows Version: The vulnerabilities are confirmed in version 4.33. Other versions may also be affected. Exploitation: Remote code execution Secunia Number: SA49856 PRL: 2012-31 Author: Francis Provencher Prot...
IrfanView - '.RLE' Image Decompression Buffer Overflow
Application: IrfanView RLE Image Decompression Buffer Overflow Vulnerability Platform: Windows Version: The vulnerabilities are confirmed in version 4.33. Other versions may also be affected. Exploitation: Remote code execution Secunia Number: SA49856 PRL: 2012-32 Author: Francis Provencher Prot...
phpcms latest vulnerability that! Background direct upload SHELL vulnerability to upload arbitrary files-the vulnerability warning-the black bar safety net
Author: y0u By law the guest Forum Today doing PHPCMS enterprise's basic template, stumbled upon the PHPCMS a direct upload arbitrary file vulnerability. Click on the module business template Management Add corporate template. Then add a ZIP compression package. ZIP archive inside a PHP Trojan,...
VulnCheck KEV: CVE-2009-0084
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression...
phpcms latest vulnerability that! Background direct upload SHELL vulnerability-vulnerability warning-the black bar safety net
Today doing PHPCMS enterprise's basic template, stumbled upon the PHPCMS a direct upload arbitrary file vulnerability. Click on the module business template Management Add corporate template. Then add a ZIP compression package. ZIP archive inside a PHP Trojan, back we all understand. Decompressio...